From owner-freebsd-questions Sun Jan 21 2:44: 3 2001 Delivered-To: freebsd-questions@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1E31B37B400 for ; Sun, 21 Jan 2001 02:43:45 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0LAkjO64021; Sun, 21 Jan 2001 02:46:45 -0800 (PST) (envelope-from kris) Date: Sun, 21 Jan 2001 02:46:45 -0800 From: Kris Kennaway To: Alex Charalabidis Cc: Thakingfish , freebsd-questions@freebsd.org Subject: Re: dnetc in FBSD Message-ID: <20010121024645.A63940@citusc17.usc.edu> References: <20010121022426.C63217@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from alex@wnm.net on Sun, Jan 21, 2001 at 04:36:00AM -0600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jan 21, 2001 at 04:36:00AM -0600, Alex Charalabidis wrote: > Oops, misread it. So it was the horse, not the cow. :) We'll be expecting > an advisory whenever they fix it. Moo. >=20 > Sure, it's a problem for everyone who runs so much stuff as nobody that > they might as well run it as root. I think I'll just assign it its own > user. Not that I care more than anyone else to litter the world with > separate users for every trivial task, but is it worth doing by default= =20 > for this particular package? The nobody user shouldn't confer any special privileges. Currently the apache ports break that rule since ownership of the webserver is certainly a privilege. But I don't know that the ability to submit RC5 blocks is a sufficient privilege that it should get its own user. On the other hand, if dnetc proves to be an ongoing source of problems (being a binary-only client makes it more difficult to check, and apparently no-one has ever poked at it before, because it was really obvious) then firewalling it away from the other remaining applications which still inappropriately use nobody would be of benefit. I think the real issue here is fixing the other stuff which uses nobody, though. Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6ar4UWry0BWjoQKURAqs7AJ9jsm6JoXR3FmyQc/IfpAWcPzo3MgCfR7h4 I5WVhgxufsSCx14zAoV2RkY= =DGAM -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message